Apple is giving away up to $1 million for cybersecurity experts who will find the loopholes in the security of the iPhone. This is the highest sum ever that a company offers to defend itself in advance against hackers.
As the Reuters news agency reports, this is a slightly unusual initiative for Apple, which so far had offered rewards only to selected researchers. This time, instead, the possibility will be for to all researchers and will not only concern iPhone and cloud backups but also Mac software and other areas.
Also varies the list of rewards made available to those who will make the most interesting discoveries from the point of view of security: the 1 million dollars will be won only by those who will find a way to access the kernel of an iPhone remotely without the need to take any action on the user’s smartphone. To this end, Apple will provide researchers with special iPhones to facilitate their search for bugs.
It is, as anticipated, the highest reward that Apple has ever offered on this front. So far it has touched $200,000 for bug reports to which it can later remedy with updates.
Gizchina News of the week
Apple Face ID
During the Black Hat conference in Las Vegas, researchers showed a method to bypass face recognition through FaceID. The test was based on simulating a person’s eyes by attaching a small white ribbon to a larger black one. In turn gluing them onto the lenses of a pair of glasses.
The intent of the researchers was to by-pass the so-called “liveness detection”. That is the ability of a biometric system to recognize “how alive” the person subject of recognition. In practice, it serves to detect that there is no front a mask. FaceID integrates this functionality, so this simple trick can actually put security at risk by allowing access to the smartphone.
The trick only works if the victim is wearing these special glasses. As the eye abstraction for detection generates a black area with a white dot in the center (simulates the eye). Wearing glasses, FaceID modifies the way the liveness detecion scans the eyes, “not extracting 3D information from the eye area “. In this way, the area below the lenses is as if it were scanned with a lower level of detail.